@atproto/jwk 0.1.0

Files changed (60)
  1. package/CHANGELOG.md +7 -0
  2. package/LICENSE.txt +7 -0
  3. package/dist/alg.d.ts +3 -0
  4. package/dist/alg.d.ts.map +1 -0
  5. package/dist/alg.js +90 -0
  6. package/dist/alg.js.map +1 -0
  7. package/dist/errors.d.ts +24 -0
  8. package/dist/errors.d.ts.map +1 -0
  9. package/dist/errors.js +62 -0
  10. package/dist/errors.js.map +1 -0
  11. package/dist/index.d.ts +11 -0
  12. package/dist/index.d.ts.map +1 -0
  13. package/dist/index.js +27 -0
  14. package/dist/index.js.map +1 -0
  15. package/dist/jwk.d.ts +2424 -0
  16. package/dist/jwk.d.ts.map +1 -0
  17. package/dist/jwk.js +112 -0
  18. package/dist/jwk.js.map +1 -0
  19. package/dist/jwks.d.ts +1770 -0
  20. package/dist/jwks.d.ts.map +1 -0
  21. package/dist/jwks.js +12 -0
  22. package/dist/jwks.js.map +1 -0
  23. package/dist/jwt-decode.d.ts +6 -0
  24. package/dist/jwt-decode.d.ts.map +1 -0
  25. package/dist/jwt-decode.js +20 -0
  26. package/dist/jwt-decode.js.map +1 -0
  27. package/dist/jwt-verify.d.ts +20 -0
  28. package/dist/jwt-verify.d.ts.map +1 -0
  29. package/dist/jwt-verify.js +3 -0
  30. package/dist/jwt-verify.js.map +1 -0
  31. package/dist/jwt.d.ts +1785 -0
  32. package/dist/jwt.d.ts.map +1 -0
  33. package/dist/jwt.js +150 -0
  34. package/dist/jwt.js.map +1 -0
  35. package/dist/key.d.ts +38 -0
  36. package/dist/key.d.ts.map +1 -0
  37. package/dist/key.js +131 -0
  38. package/dist/key.js.map +1 -0
  39. package/dist/keyset.d.ts +41 -0
  40. package/dist/keyset.d.ts.map +1 -0
  41. package/dist/keyset.js +234 -0
  42. package/dist/keyset.js.map +1 -0
  43. package/dist/util.d.ts +48 -0
  44. package/dist/util.d.ts.map +1 -0
  45. package/dist/util.js +143 -0
  46. package/dist/util.js.map +1 -0
  47. package/package.json +38 -0
  48. package/src/alg.ts +98 -0
  49. package/src/errors.ts +56 -0
  50. package/src/index.ts +10 -0
  51. package/src/jwk.ts +141 -0
  52. package/src/jwks.ts +15 -0
  53. package/src/jwt-decode.ts +27 -0
  54. package/src/jwt-verify.ts +22 -0
  55. package/src/jwt.ts +173 -0
  56. package/src/key.ts +93 -0
  57. package/src/keyset.ts +240 -0
  58. package/src/util.ts +181 -0
  59. package/tsconfig.build.json +8 -0
  60. package/tsconfig.json +4 -0
@@ -0,0 +1 @@
1
+ {"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAKvB,eAAO,MAAM,eAAe,kGAGuB,CAAA;AAEnD,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAA;AACvD,eAAO,MAAM,WAAW,SAAU,OAAO,4CACA,CAAA;AAEzC,eAAO,MAAM,iBAAiB,wFAGqB,CAAA;AAEnD,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAA;AAC3D,eAAO,MAAM,aAAa,SAAU,OAAO,kCACA,CAAA;AAE3C;;GAEG;AACH,eAAO,MAAM,eAAe;IAC1B,yCAAyC;;IAEzC,2CAA2C;;IAE3C,4CAA4C;;;;;;;;;;;;;;;;;;;;;;;IAW5C,sCAAsC;;IAEtC,yCAAyC;;IAEzC,uDAAuD;;IAEvD,kEAAkE;;IAElE,yEAAyE;;IAEzE,oCAAoC;;IAEpC,4CAA4C;;IAE5C,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEzC,CAAA;AAEF,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAA;AAGvD,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;YApC3B,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAAzC,yCAAyC;;;;;;;;;;;;;;;;4CA2BzC,4CAA4C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YA3B5C,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAAzC,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAAzC,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAAzC,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+IzC,CAAA;AAEF,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA"}
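--- a/package/dist/jwt.js
+++ b/package/dist/jwt.js
@@ -0,0 +1,150 @@
+ "use strict";
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.jwtPayloadSchema = exports.jwtHeaderSchema = exports.isUnsignedJwt = exports.unsignedJwtSchema = exports.isSignedJwt = exports.signedJwtSchema = void 0;
+ const zod_1 = require("zod");
+ const jwk_js_1 = require("./jwk.js");
+ const util_js_1 = require("./util.js");
+ exports.signedJwtSchema = zod_1.z
+ .string()
+ .superRefine(util_js_1.jwtCharsRefinement)
+ .superRefine((0, util_js_1.segmentedStringRefinementFactory)(3));
+ const isSignedJwt = (data) => exports.signedJwtSchema.safeParse(data).success;
+ exports.isSignedJwt = isSignedJwt;
+ exports.unsignedJwtSchema = zod_1.z
+ .string()
+ .superRefine(util_js_1.jwtCharsRefinement)
+ .superRefine((0, util_js_1.segmentedStringRefinementFactory)(2));
+ const isUnsignedJwt = (data) => exports.unsignedJwtSchema.safeParse(data).success;
+ exports.isUnsignedJwt = isUnsignedJwt;
+ /**
+ * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4}
+ */
+ exports.jwtHeaderSchema = zod_1.z.object({
+ /** "alg" (Algorithm) Header Parameter */
+ alg: zod_1.z.string(),
+ /** "jku" (JWK Set URL) Header Parameter */
+ jku: zod_1.z.string().url().optional(),
+ /** "jwk" (JSON Web Key) Header Parameter */
+ jwk: zod_1.z
+ .object({
+ kty: zod_1.z.string(),
+ crv: zod_1.z.string().optional(),
+ x: zod_1.z.string().optional(),
+ y: zod_1.z.string().optional(),
+ e: zod_1.z.string().optional(),
+ n: zod_1.z.string().optional(),
+ })
+ .optional(),
+ /** "kid" (Key ID) Header Parameter */
+ kid: zod_1.z.string().optional(),
+ /** "x5u" (X.509 URL) Header Parameter */
+ x5u: zod_1.z.string().optional(),
+ /** "x5c" (X.509 Certificate Chain) Header Parameter */
+ x5c: zod_1.z.array(zod_1.z.string()).optional(),
+ /** "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter */
+ x5t: zod_1.z.string().optional(),
+ /** "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Header Parameter */
+ 'x5t#S256': zod_1.z.string().optional(),
+ /** "typ" (Type) Header Parameter */
+ typ: zod_1.z.string().optional(),
+ /** "cty" (Content Type) Header Parameter */
+ cty: zod_1.z.string().optional(),
+ /** "crit" (Critical) Header Parameter */
+ crit: zod_1.z.array(zod_1.z.string()).optional(),
+ });
+ // https://www.iana.org/assignments/jwt/jwt.xhtml
+ exports.jwtPayloadSchema = zod_1.z.object({
+ iss: zod_1.z.string().optional(),
+ aud: zod_1.z.union([zod_1.z.string(), zod_1.z.array(zod_1.z.string()).nonempty()]).optional(),
+ sub: zod_1.z.string().optional(),
+ exp: zod_1.z.number().int().optional(),
+ nbf: zod_1.z.number().int().optional(),
+ iat: zod_1.z.number().int().optional(),
+ jti: zod_1.z.string().optional(),
+ htm: zod_1.z.string().optional(),
+ htu: zod_1.z.string().optional(),
+ ath: zod_1.z.string().optional(),
+ acr: zod_1.z.string().optional(),
+ azp: zod_1.z.string().optional(),
+ amr: zod_1.z.array(zod_1.z.string()).optional(),
+ // https://datatracker.ietf.org/doc/html/rfc7800
+ cnf: zod_1.z
+ .object({
+ kid: zod_1.z.string().optional(), // Key ID
+ jwk: jwk_js_1.jwkPubSchema.optional(), // JWK
+ jwe: zod_1.z.string().optional(), // Encrypted key
+ jku: zod_1.z.string().url().optional(), // JWK Set URI ("kid" should also be provided)
+ // https://datatracker.ietf.org/doc/html/rfc9449#section-6.1
+ jkt: zod_1.z.string().optional(),
+ // https://datatracker.ietf.org/doc/html/rfc8705
+ 'x5t#S256': zod_1.z.string().optional(), // X.509 Certificate SHA-256 Thumbprint
+ // https://datatracker.ietf.org/doc/html/rfc9203
+ osc: zod_1.z.string().optional(), // OSCORE_Input_Material carrying the parameters for using OSCORE per-message security with implicit key confirmation
+ })
+ .optional(),
+ client_id: zod_1.z.string().optional(),
+ scope: zod_1.z.string().optional(),
+ nonce: zod_1.z.string().optional(),
+ at_hash: zod_1.z.string().optional(),
+ c_hash: zod_1.z.string().optional(),
+ s_hash: zod_1.z.string().optional(),
+ auth_time: zod_1.z.number().int().optional(),
+ // https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
+ // OpenID: "profile" scope
+ name: zod_1.z.string().optional(),
+ family_name: zod_1.z.string().optional(),
+ given_name: zod_1.z.string().optional(),
+ middle_name: zod_1.z.string().optional(),
+ nickname: zod_1.z.string().optional(),
+ preferred_username: zod_1.z.string().optional(),
+ gender: zod_1.z.string().optional(), // OpenID only defines "male" and "female" without forbidding other values
+ picture: zod_1.z.string().url().optional(),
+ profile: zod_1.z.string().url().optional(),
+ website: zod_1.z.string().url().optional(),
+ birthdate: zod_1.z
+ .string()
+ .regex(/\d{4}-\d{2}-\d{2}/) // YYYY-MM-DD
+ .optional(),
+ zoneinfo: zod_1.z
+ .string()
+ .regex(/^[A-Za-z0-9_/]+$/)
+ .optional(),
+ locale: zod_1.z
+ .string()
+ .regex(/^[a-z]{2}(-[A-Z]{2})?$/)
+ .optional(),
+ updated_at: zod_1.z.number().int().optional(),
+ // OpenID: "email" scope
+ email: zod_1.z.string().optional(),
+ email_verified: zod_1.z.boolean().optional(),
+ // OpenID: "phone" scope
+ phone_number: zod_1.z.string().optional(),
+ phone_number_verified: zod_1.z.boolean().optional(),
+ // OpenID: "address" scope
+ // https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim
+ address: zod_1.z
+ .object({
+ formatted: zod_1.z.string().optional(),
+ street_address: zod_1.z.string().optional(),
+ locality: zod_1.z.string().optional(),
+ region: zod_1.z.string().optional(),
+ postal_code: zod_1.z.string().optional(),
+ country: zod_1.z.string().optional(),
+ })
+ .optional(),
+ // https://datatracker.ietf.org/doc/html/rfc9396#section-14.2
+ authorization_details: zod_1.z
+ .array(zod_1.z
+ .object({
+ type: zod_1.z.string(),
+ // https://datatracker.ietf.org/doc/html/rfc9396#section-2.2
+ locations: zod_1.z.array(zod_1.z.string()).optional(),
+ actions: zod_1.z.array(zod_1.z.string()).optional(),
+ datatypes: zod_1.z.array(zod_1.z.string()).optional(),
+ identifier: zod_1.z.string().optional(),
+ privileges: zod_1.z.array(zod_1.z.string()).optional(),
+ })
+ .passthrough())
+ .optional(),
+ });
+ //# sourceMappingURL=jwt.js.map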
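Review bot: The `birthdate` pattern in `jwtPayloadSchema` is unanchored, so any string that merely contains a `dddd-dd-dd` run is accepted, while the `zoneinfo` and `locale` patterns right below it are anchored; `.regex(/^\d{4}-\d{2}-\d{2}$/)` would make the three consistent. Separately, `jwtHeaderSchema` treats `jku`, `jwk`, `x5u`, `x5c` and any `alg` string as well-formed, and all of these are supplied by the token itself, so a comment above the schema such as `// Header values are untrusted until the signature is verified: never pick a verification key or algorithm from alg/jku/jwk/x5u/x5c without an allowlist` would tell consumers that a successful parse is a shape check only. This file is compiled output whose source map points to ../src/jwt.ts, so both edits belong in the TypeScript source.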
@@ -0,0 +1 @@
1
+ {"version":3,"file":"jwt.js","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,qCAAuC;AACvC,uCAAgF;AAEnE,QAAA,eAAe,GAAG,OAAC;KAC7B,MAAM,EAAE;KACR,WAAW,CAAC,4BAAkB,CAAC;KAC/B,WAAW,CAAC,IAAA,0CAAgC,EAAC,CAAC,CAAC,CAAC,CAAA;AAG5C,MAAM,WAAW,GAAG,CAAC,IAAa,EAAqB,EAAE,CAC9D,uBAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,CAAA;AAD5B,QAAA,WAAW,eACiB;AAE5B,QAAA,iBAAiB,GAAG,OAAC;KAC/B,MAAM,EAAE;KACR,WAAW,CAAC,4BAAkB,CAAC;KAC/B,WAAW,CAAC,IAAA,0CAAgC,EAAC,CAAC,CAAC,CAAC,CAAA;AAG5C,MAAM,aAAa,GAAG,CAAC,IAAa,EAAuB,EAAE,CAClE,yBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,CAAA;AAD9B,QAAA,aAAa,iBACiB;AAE3C;;GAEG;AACU,QAAA,eAAe,GAAG,OAAC,CAAC,MAAM,CAAC;IACtC,yCAAyC;IACzC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,2CAA2C;IAC3C,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,4CAA4C;IAC5C,GAAG,EAAE,OAAC;SACH,MAAM,CAAC;QACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;QACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC1B,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACxB,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACxB,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACxB,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACzB,CAAC;SACD,QAAQ,EAAE;IACb,sCAAsC;IACtC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,yCAAyC;IACzC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,uDAAuD;IACvD,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACnC,kEAAkE;IAClE,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,yEAAyE;IACzE,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,oCAAoC;IACpC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,4CAA4C;IAC5C,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,yCAAyC;IACzC,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA;AAIF,iDAAiD;AACpC,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IACvC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;IACr
E,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACnC,gDAAgD;IAChD,GAAG,EAAE,OAAC;SACH,MAAM,CAAC;QACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,SAAS;QACrC,GAAG,EAAE,qBAAY,CAAC,QAAQ,EAAE,EAAE,MAAM;QACpC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,gBAAgB;QAC5C,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,8CAA8C;QAEhF,4DAA4D;QAC5D,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAE1B,gDAAgD;QAChD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,uCAAuC;QAE1E,gDAAgD;QAChD,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,qHAAqH;KAClJ,CAAC;SACD,QAAQ,EAAE;IAEb,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEhC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEtC,uEAAuE;IAEvE,0BAA0B;IAC1B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzC,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,0EAA0E;IACzG,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;
IACpC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACpC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACpC,SAAS,EAAE,OAAC;SACT,MAAM,EAAE;SACR,KAAK,CAAC,mBAAmB,CAAC,CAAC,aAAa;SACxC,QAAQ,EAAE;IACb,QAAQ,EAAE,OAAC;SACR,MAAM,EAAE;SACR,KAAK,CAAC,kBAAkB,CAAC;SACzB,QAAQ,EAAE;IACb,MAAM,EAAE,OAAC;SACN,MAAM,EAAE;SACR,KAAK,CAAC,wBAAwB,CAAC;SAC/B,QAAQ,EAAE;IACb,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEvC,wBAAwB;IACxB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAEtC,wBAAwB;IACxB,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,qBAAqB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7C,0BAA0B;IAC1B,qEAAqE;IACrE,OAAO,EAAE,OAAC;SACP,MAAM,CAAC;QACN,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAChC,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC/B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC7B,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC/B,CAAC;SACD,QAAQ,EAAE;IAEb,6DAA6D;IAC7D,qBAAqB,EAAE,OAAC;SACrB,KAAK,CACJ,OAAC;SACE,MAAM,CAAC;QACN,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;QAChB,4DAA4D;QAC5D,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACzC,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACvC,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACzC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACjC,UAAU,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;KAC3C,CAAC;SACD,WAAW,EAAE,CACjB;SACA,QAAQ,EAAE;CACd,CAAC,CAAA"}
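--- a/package/dist/key.d.ts
+++ b/package/dist/key.d.ts
@@ -0,0 +1,38 @@
+ import { Jwk } from './jwk.js';
+ import { VerifyOptions, VerifyPayload, VerifyResult } from './jwt-verify.js';
+ import { JwtHeader, JwtPayload, SignedJwt } from './jwt.js';
+ export declare abstract class Key {
+ protected readonly jwk: Readonly<Jwk>;
+ constructor(jwk: Readonly<Jwk>);
+ get isPrivate(): boolean;
+ get isSymetric(): boolean;
+ get privateJwk(): Jwk | undefined;
+ get publicJwk(): Jwk | undefined;
+ get bareJwk(): Jwk | undefined;
+ get use(): "sig" | "enc";
+ /**
+ * The (forced) algorithm to use. If not provided, the key will be usable with
+ * any of the algorithms in {@link algorithms}.
+ *
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.1 | "alg" (Algorithm) Header Parameter Values for JWS}
+ */
+ get alg(): string | undefined;
+ get kid(): string | undefined;
+ get crv(): "P-256" | "P-384" | "P-521" | "secp256k1" | "Ed25519" | "Ed448" | undefined;
+ /**
+ * All the algorithms that this key can be used with. If `alg` is provided,
+ * this set will only contain that algorithm.
+ */
+ get algorithms(): readonly string[];
+ /**
+ * Create a signed JWT
+ */
+ abstract createJwt(header: JwtHeader, payload: JwtPayload): Promise<SignedJwt>;
+ /**
+ * Verify the signature, headers and payload of a JWT
+ *
+ * @throws {JwtVerifyError} if the JWT is invalid
+ */
+ abstract verifyJwt<P extends VerifyPayload = JwtPayload, C extends string = string>(token: SignedJwt, options?: VerifyOptions<C>): Promise<VerifyResult<P, C>>;
+ }
+ //# sourceMappingURL=key.d.ts.map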
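Review bot: The exported getter is spelled `isSymetric`, and because it is public API a later correction to `isSymmetric` becomes a breaking change, so it is cheaper to rename now and keep the old name as a deprecated alias if anything already depends on it. The `privateJwk`, `publicJwk` and `bareJwk` getters also carry no doc comment, unlike `alg` and `algorithms`. A line such as `/** Full JWK including private members; undefined for public-only keys. Do not serialize or log. */` on `privateJwk`, with matching lines on the other two, would state what each returns and when it is `undefined`. The declaration is generated from ../src/key.ts, so the edits belong there.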
@@ -0,0 +1 @@
1
+ {"version":3,"file":"key.d.ts","sourceRoot":"","sources":["../src/key.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAa,MAAM,UAAU,CAAA;AACzC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC5E,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAG3D,8BAAsB,GAAG;IACX,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC;gBAAlB,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC;IAKjD,IAAI,SAAS,IAAI,OAAO,CAKvB;IAED,IAAI,UAAU,IAAI,OAAO,CAIxB;IAED,IAAI,UAAU,IAAI,GAAG,GAAG,SAAS,CAEhC;IAED,IACI,SAAS,IAAI,GAAG,GAAG,SAAS,CAO/B;IAED,IACI,OAAO,IAAI,GAAG,GAAG,SAAS,CAI7B;IAED,IAAI,GAAG,kBAEN;IAED;;;;;OAKG;IACH,IAAI,GAAG,uBAEN;IAED,IAAI,GAAG,uBAEN;IAED,IAAI,GAAG,gFAEN;IAED;;;OAGG;IACH,IACI,UAAU,IAAI,SAAS,MAAM,EAAE,CAElC;IAED;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IAE9E;;;;OAIG;IACH,QAAQ,CAAC,SAAS,CAChB,CAAC,SAAS,aAAa,GAAG,UAAU,EACpC,CAAC,SAAS,MAAM,GAAG,MAAM,EACzB,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;CAC7E"}
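--- a/package/dist/key.js
+++ b/package/dist/key.js
@@ -0,0 +1,131 @@
+ "use strict";
+ var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+ var useValue = arguments.length > 2;
+ for (var i = 0; i < initializers.length; i++) {
+ value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+ }
+ return useValue ? value : void 0;
+ };
+ var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+ function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+ var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+ var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+ var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+ var _, done = false;
+ for (var i = decorators.length - 1; i >= 0; i--) {
+ var context = {};
+ for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+ for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+ context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+ var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+ if (kind === "accessor") {
+ if (result === void 0) continue;
+ if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+ if (_ = accept(result.get)) descriptor.get = _;
+ if (_ = accept(result.set)) descriptor.set = _;
+ if (_ = accept(result.init)) initializers.unshift(_);
+ }
+ else if (_ = accept(result)) {
+ if (kind === "field") initializers.unshift(_);
+ else descriptor[key] = _;
+ }
+ }
+ if (target) Object.defineProperty(target, contextIn.name, descriptor);
+ done = true;
+ };
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.Key = void 0;
+ const alg_js_1 = require("./alg.js");
+ const errors_js_1 = require("./errors.js");
+ const jwk_js_1 = require("./jwk.js");
+ const util_js_1 = require("./util.js");
+ let Key = (() => {
+ var _a;
+ let _instanceExtraInitializers = [];
+ let _get_publicJwk_decorators;
+ let _get_bareJwk_decorators;
+ let _get_algorithms_decorators;
+ return _a = class Key {
+ constructor(jwk) {
+ Object.defineProperty(this, "jwk", {
+ enumerable: true,
+ configurable: true,
+ writable: true,
+ value: (__runInitializers(this, _instanceExtraInitializers), jwk)
+ });
+ // A key should always be used either for signing or encryption.
+ if (!jwk.use)
+ throw new errors_js_1.JwkError('Missing "use" Parameter value');
+ }
+ get isPrivate() {
+ const { jwk } = this;
+ if ('d' in jwk && jwk.d !== undefined)
+ return true;
+ if ('k' in jwk && jwk.k !== undefined)
+ return true;
+ return false;
+ }
+ get isSymetric() {
+ const { jwk } = this;
+ if ('k' in jwk && jwk.k !== undefined)
+ return true;
+ return false;
+ }
+ get privateJwk() {
+ return this.isPrivate ? this.jwk : undefined;
+ }
+ get publicJwk() {
+ if (this.isSymetric)
+ return undefined;
+ if (this.isPrivate) {
+ const { d: _, ...jwk } = this.jwk;
+ return jwk;
+ }
+ return this.jwk;
+ }
+ get bareJwk() {
+ if (this.isSymetric)
+ return undefined;
+ const { kty, crv, e, n, x, y } = this.jwk;
+ return jwk_js_1.jwkSchema.parse({ crv, e, kty, n, x, y });
+ }
+ get use() {
+ return this.jwk.use;
+ }
+ /**
+ * The (forced) algorithm to use. If not provided, the key will be usable with
+ * any of the algorithms in {@link algorithms}.
+ *
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.1 | "alg" (Algorithm) Header Parameter Values for JWS}
+ */
+ get alg() {
+ return this.jwk.alg;
+ }
+ get kid() {
+ return this.jwk.kid;
+ }
+ get crv() {
+ return this.jwk.crv;
+ }
+ /**
+ * All the algorithms that this key can be used with. If `alg` is provided,
+ * this set will only contain that algorithm.
+ */
+ get algorithms() {
+ return Array.from((0, alg_js_1.jwkAlgorithms)(this.jwk));
+ }
+ },
+ (() => {
+ const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
+ _get_publicJwk_decorators = [util_js_1.cachedGetter];
+ _get_bareJwk_decorators = [util_js_1.cachedGetter];
+ _get_algorithms_decorators = [util_js_1.cachedGetter];
+ __esDecorate(_a, null, _get_publicJwk_decorators, { kind: "getter", name: "publicJwk", static: false, private: false, access: { has: obj => "publicJwk" in obj, get: obj => obj.publicJwk }, metadata: _metadata }, null, _instanceExtraInitializers);
+ __esDecorate(_a, null, _get_bareJwk_decorators, { kind: "getter", name: "bareJwk", static: false, private: false, access: { has: obj => "bareJwk" in obj, get: obj => obj.bareJwk }, metadata: _metadata }, null, _instanceExtraInitializers);
+ __esDecorate(_a, null, _get_algorithms_decorators, { kind: "getter", name: "algorithms", static: false, private: false, access: { has: obj => "algorithms" in obj, get: obj => obj.algorithms }, metadata: _metadata }, null, _instanceExtraInitializers);
+ if (_metadata) Object.defineProperty(_a, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+ })(),
+ _a;
+ })();
+ exports.Key = Key;
+ //# sourceMappingURL=key.js.map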
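Review bot: The `publicJwk` getter removes only `d` from a private key (`const { d: _, ...jwk } = this.jwk;`), so every other member of the stored JWK is carried into the object it hands out as public. RFC 7518 also defines `p`, `q`, `dp`, `dq`, `qi` and `oth` as private RSA parameters; whether `jwkSchema` admits them is not visible on this page, but if it does they would be published along with `n` and `e`. Dropping them explicitly, `const { d, p, q, dp, dq, qi, oth, ...jwk } = this.jwk;`, or building the result from an allowlist of public members the way `bareJwk` already does, closes that gap. The getter's result is also cached by `cachedGetter`, so a test that constructs an RSA private key and asserts the public form has no private members would be worth adding in ../src/key.ts, where this compiled file comes from.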
@@ -0,0 +1 @@
1
+ {"version":3,"file":"key.js","sourceRoot":"","sources":["../src/key.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,qCAAwC;AACxC,2CAAsC;AACtC,qCAAyC;AAGzC,uCAAwC;IAElB,GAAG;;;;;;sBAAH,GAAG;YACvB,YAA+B,GAAkB;gBAArC;;;;4BADQ,mDAAG,EACQ,GAAG;mBAAe;gBAC/C,gEAAgE;gBAChE,IAAI,CAAC,GAAG,CAAC,GAAG;oBAAE,MAAM,IAAI,oBAAQ,CAAC,+BAA+B,CAAC,CAAA;YACnE,CAAC;YAED,IAAI,SAAS;gBACX,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;gBACpB,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,SAAS;oBAAE,OAAO,IAAI,CAAA;gBAClD,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,SAAS;oBAAE,OAAO,IAAI,CAAA;gBAClD,OAAO,KAAK,CAAA;YACd,CAAC;YAED,IAAI,UAAU;gBACZ,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;gBACpB,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,SAAS;oBAAE,OAAO,IAAI,CAAA;gBAClD,OAAO,KAAK,CAAA;YACd,CAAC;YAED,IAAI,UAAU;gBACZ,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;YAC9C,CAAC;YAGD,IAAI,SAAS;gBACX,IAAI,IAAI,CAAC,UAAU;oBAAE,OAAO,SAAS,CAAA;gBACrC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;oBACnB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC,GAAU,CAAA;oBACxC,OAAO,GAAG,CAAA;gBACZ,CAAC;gBACD,OAAO,IAAI,CAAC,GAAG,CAAA;YACjB,CAAC;YAGD,IAAI,OAAO;gBACT,IAAI,IAAI,CAAC,UAAU;oBAAE,OAAO,SAAS,CAAA;gBACrC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,GAAU,CAAA;gBAChD,OAAO,kBAAS,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAA;YAClD,CAAC;YAED,IAAI,GAAG;gBACL,OAAO,IAAI,CAAC,GAAG,CAAC,GAAI,CAAA;YACtB,CAAC;YAED;;;;;eAKG;YACH,IAAI,GAAG;gBACL,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAA;YACrB,CAAC;YAED,IAAI,GAAG;gBACL,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAA;YACrB,CAAC;YAED,IAAI,GAAG;gBACL,OAAQ,IAAI,CAAC,GAA2D,CAAC,GAAG,CAAA;YAC9E,CAAC;YAED;;;eAGG;YAEH,IAAI,UAAU;gBACZ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAA,sBAAa,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;YAC5C,CAAC;;;;yCA9CA,sBAAY;uCAUZ,sBAAY;0CAiCZ,sBAAY;YA1Cb,gLAAI,SAAS,6DAOZ;YAGD,0KAAI,OAAO,6DAIV;YA6BD,mLAAI,UAAU,6DAEb;;;;;AArEmB,kBAAG"}
@@ -0,0 +1,41 @@
1
+ import { Jwks } from './jwks.js';
2
+ import { VerifyOptions, VerifyResult } from './jwt-verify.js';
3
+ import { JwtHeader, JwtPayload, SignedJwt } from './jwt.js';
4
+ import { Key } from './key.js';
5
+ import { Override } from './util.js';
6
+ export type JwtSignHeader = Override<JwtHeader, Pick<KeySearch, 'alg' | 'kid'>>;
7
+ export type JwtPayloadGetter<P = JwtPayload> = (header: JwtHeader, key: Key) => P | PromiseLike<P>;
8
+ export type KeySearch = {
9
+ use?: 'sig' | 'enc';
10
+ kid?: string | string[];
11
+ alg?: string | string[];
12
+ };
13
+ export declare class Keyset<K extends Key = Key> implements Iterable<K> {
14
+ /**
15
+ * The preferred algorithms to use when signing a JWT using this keyset.
16
+ *
17
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.1}
18
+ */
19
+ readonly preferredSigningAlgorithms: readonly string[];
20
+ private readonly keys;
21
+ constructor(iterable: Iterable<K | null | undefined | false>,
22
+ /**
23
+ * The preferred algorithms to use when signing a JWT using this keyset.
24
+ *
25
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.1}
26
+ */
27
+ preferredSigningAlgorithms?: readonly string[]);
28
+ get signAlgorithms(): readonly string[];
29
+ get publicJwks(): Jwks;
30
+ get privateJwks(): Jwks;
31
+ has(kid: string): boolean;
32
+ get(search: KeySearch): K;
33
+ list(search: KeySearch): Generator<K>;
34
+ findKey({ kid, alg, use }: KeySearch): [key: Key, alg: string];
35
+ [Symbol.iterator](): IterableIterator<K>;
36
+ createJwt({ alg: sAlg, kid: sKid, ...header }: JwtSignHeader, payload: JwtPayload | JwtPayloadGetter): Promise<SignedJwt>;
37
+ verifyJwt<P extends Record<string, unknown> = JwtPayload, C extends string = string>(token: SignedJwt, options?: VerifyOptions<C>): Promise<VerifyResult<P, C> & {
38
+ key: K;
39
+ }>;
40
+ }
41
+ //# sourceMappingURL=keyset.d.ts.map
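Review bot: `publicJwks` and `privateJwks` are declared with the same `Jwks` type and neither has a doc comment, so nothing at a call site distinguishes the set that is safe to publish from the one holding secret key material. A comment on each would help, for example `/** Private keys, including secret parameters. Never return from an HTTP handler or write to logs. */` on `privateJwks` and `/** Public keys only; suitable for a JWKS endpoint. */` on `publicJwks`. A smaller typing point in the same class: `findKey` returns `[key: Key, alg: string]` while `get`, `list` and `verifyJwt` use the class parameter `K`, so callers of `findKey` lose the concrete key type; `[key: K, alg: string]` would be consistent.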
@@ -0,0 +1 @@
1
+ {"version":3,"file":"keyset.d.ts","sourceRoot":"","sources":["../src/keyset.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAEhC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC7D,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAC3D,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAC9B,OAAO,EACL,QAAQ,EAKT,MAAM,WAAW,CAAA;AAElB,MAAM,MAAM,aAAa,GAAG,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,KAAK,GAAG,KAAK,CAAC,CAAC,CAAA;AAE/E,MAAM,MAAM,gBAAgB,CAAC,CAAC,GAAG,UAAU,IAAI,CAC7C,MAAM,EAAE,SAAS,EACjB,GAAG,EAAE,GAAG,KACL,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;AAEvB,MAAM,MAAM,SAAS,GAAG;IACtB,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,CAAA;IACnB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;IACvB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CACxB,CAAA;AAKD,qBAAa,MAAM,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,YAAW,QAAQ,CAAC,CAAC,CAAC;IAK3D;;;;OAIG;aACa,0BAA0B,EAAE,SAAS,MAAM,EAAE;IAT/D,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAc;gBAGjC,QAAQ,EAAE,QAAQ,CAAC,CAAC,GAAG,IAAI,GAAG,SAAS,GAAG,KAAK,CAAC;IAChD;;;;OAIG;IACa,0BAA0B,GAAE,SAAS,MAAM,EAetD;IAmBP,IACI,cAAc,IAAI,SAAS,MAAM,EAAE,CAWtC;IAED,IACI,UAAU,IAAI,IAAI,CAIrB;IAED,IACI,WAAW,IAAI,IAAI,CAItB;IAED,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIzB,GAAG,CAAC,MAAM,EAAE,SAAS,GAAG,CAAC;IAWxB,IAAI,CAAC,MAAM,EAAE,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC;IAwBtC,OAAO,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,SAAS,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC;IAsC9D,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,gBAAgB,CAAC,CAAC,CAAC;IAIlC,SAAS,CACb,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,EAAE,aAAa,EAClD,OAAO,EAAE,UAAU,GAAG,gBAAgB,GACrC,OAAO,CAAC,SAAS,CAAC;IAef,SAAS,CACb,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,EAC9C,CAAC,SAAS,MAAM,GAAG,MAAM,EAEzB,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,GACzB,OAAO,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG;QAAE,GAAG,EAAE,CAAC,CAAA;KAAE,CAAC;CAwB5C"}
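--- a/package/dist/keyset.js
+++ b/package/dist/keyset.js
@@ -0,0 +1,234 @@
+ "use strict";
+ var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+ var useValue = arguments.length > 2;
+ for (var i = 0; i < initializers.length; i++) {
+ value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+ }
+ return useValue ? value : void 0;
+ };
+ var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+ function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+ var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+ var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+ var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+ var _, done = false;
+ for (var i = decorators.length - 1; i >= 0; i--) {
+ var context = {};
+ for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+ for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+ context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+ var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+ if (kind === "accessor") {
+ if (result === void 0) continue;
+ if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+ if (_ = accept(result.get)) descriptor.get = _;
+ if (_ = accept(result.set)) descriptor.set = _;
+ if (_ = accept(result.init)) initializers.unshift(_);
+ }
+ else if (_ = accept(result)) {
+ if (kind === "field") initializers.unshift(_);
+ else descriptor[key] = _;
+ }
+ }
+ if (target) Object.defineProperty(target, contextIn.name, descriptor);
+ done = true;
+ };
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.Keyset = void 0;
+ const errors_js_1 = require("./errors.js");
+ const jwt_decode_js_1 = require("./jwt-decode.js");
+ const util_js_1 = require("./util.js");
+ const extractPrivateJwk = (key) => key.privateJwk;
+ const extractPublicJwk = (key) => key.publicJwk;
+ let Keyset = (() => {
+ var _a;
+ let _instanceExtraInitializers = [];
+ let _get_signAlgorithms_decorators;
+ let _get_publicJwks_decorators;
+ let _get_privateJwks_decorators;
+ return _a = class Keyset {
+ constructor(iterable,
+ /**
+ * The preferred algorithms to use when signing a JWT using this keyset.
+ *
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.1}
+ */
+ preferredSigningAlgorithms = iterable instanceof
+ _a
+ ? [...iterable.preferredSigningAlgorithms]
+ : [
+ // Prefer elliptic curve algorithms
+ 'EdDSA',
+ 'ES256K',
+ 'ES256',
+ // https://datatracker.ietf.org/doc/html/rfc7518#section-3.5
+ 'PS256',
+ 'PS384',
+ 'PS512',
+ 'HS256',
+ 'HS384',
+ 'HS512',
+ ]) {
+ Object.defineProperty(this, "preferredSigningAlgorithms", {
+ enumerable: true,
+ configurable: true,
+ writable: true,
+ value: (__runInitializers(this, _instanceExtraInitializers), preferredSigningAlgorithms)
+ });
+ Object.defineProperty(this, "keys", {
+ enumerable: true,
+ configurable: true,
+ writable: true,
+ value: void 0
+ });
+ const keys = [];
+ const kids = new Set();
+ for (const key of iterable) {
+ if (!key)
+ continue;
+ keys.push(key);
+ if (key.kid) {
+ if (kids.has(key.kid))
+ throw new errors_js_1.JwkError(`Duplicate key: ${key.kid}`);
+ else
+ kids.add(key.kid);
+ }
+ }
+ this.keys = Object.freeze(keys);
+ }
+ get signAlgorithms() {
+ const algorithms = new Set();
+ for (const key of this) {
+ if (key.use !== 'sig')
+ continue;
+ for (const alg of key.algorithms) {
+ algorithms.add(alg);
+ }
+ }
+ return Object.freeze([...algorithms].sort((0, util_js_1.preferredOrderCmp)(this.preferredSigningAlgorithms)));
+ }
+ get publicJwks() {
+ return {
+ keys: Array.from(this, extractPublicJwk).filter(util_js_1.isDefined),
+ };
+ }
+ get privateJwks() {
+ return {
+ keys: Array.from(this, extractPrivateJwk).filter(util_js_1.isDefined),
+ };
+ }
+ has(kid) {
+ return this.keys.some((key) => key.kid === kid);
+ }
+ get(search) {
+ for (const key of this.list(search)) {
+ return key;
+ }
+ throw new errors_js_1.JwkError(`Key not found ${search.kid || search.alg || '<unknown>'}`, errors_js_1.ERR_JWK_NOT_FOUND);
+ }
+ *list(search) {
+ // Optimization: Empty string or empty array will not match any key
+ if (search.kid?.length === 0)
+ return;
+ if (search.alg?.length === 0)
+ return;
+ for (const key of this) {
+ if (search.use && key.use !== search.use)
+ continue;
+ if (Array.isArray(search.kid)) {
+ if (!key.kid || !search.kid.includes(key.kid))
+ continue;
+ }
+ else if (search.kid) {
+ if (key.kid !== search.kid)
+ continue;
+ }
+ if (Array.isArray(search.alg)) {
+ if (!search.alg.some((a) => key.algorithms.includes(a)))
+ continue;
+ }
+ else if (typeof search.alg === 'string') {
+ if (!key.algorithms.includes(search.alg))
+ continue;
+ }
+ yield key;
+ }
+ }
+ findKey({ kid, alg, use }) {
+ const matchingKeys = [];
+ for (const key of this.list({ kid, alg, use })) {
+ // Not a signing key
+ if (!key.isPrivate)
+ continue;
+ // Skip negotiation if a specific "alg" was provided
+ if (typeof alg === 'string')
+ return [key, alg];
+ matchingKeys.push(key);
+ }
+ const isAllowedAlg = (0, util_js_1.matchesAny)(alg);
+ const candidates = matchingKeys.map((key) => [key, key.algorithms.filter(isAllowedAlg)]);
+ // Return the first candidates that matches the preferred algorithms
+ for (const prefAlg of this.preferredSigningAlgorithms) {
+ for (const [matchingKey, matchingAlgs] of candidates) {
+ if (matchingAlgs.includes(prefAlg))
+ return [matchingKey, prefAlg];
+ }
+ }
+ // Return any candidate
+ for (const [matchingKey, matchingAlgs] of candidates) {
+ for (const alg of matchingAlgs) {
+ return [matchingKey, alg];
+ }
+ }
+ throw new errors_js_1.JwkError(`No singing key found for ${kid || alg || use || '<unknown>'}`, errors_js_1.ERR_JWK_NOT_FOUND);
+ }
+ [(_get_signAlgorithms_decorators = [util_js_1.cachedGetter], _get_publicJwks_decorators = [util_js_1.cachedGetter], _get_privateJwks_decorators = [util_js_1.cachedGetter], Symbol.iterator)]() {
+ return this.keys.values();
+ }
+ async createJwt({ alg: sAlg, kid: sKid, ...header }, payload) {
+ try {
+ const [key, alg] = this.findKey({ alg: sAlg, kid: sKid, use: 'sig' });
+ const protectedHeader = { ...header, alg, kid: key.kid };
+ if (typeof payload === 'function') {
+ payload = await payload(protectedHeader, key);
+ }
+ return await key.createJwt(protectedHeader, payload);
+ }
+ catch (err) {
+ throw errors_js_1.JwtCreateError.from(err);
+ }
+ }
+ async verifyJwt(token, options) {
+ const { header } = (0, jwt_decode_js_1.unsafeDecodeJwt)(token);
+ const { kid, alg } = header;
+ const errors = [];
+ for (const key of this.list({ kid, alg })) {
+ try {
+ const result = await key.verifyJwt(token, options);
+ return { ...result, key };
+ }
+ catch (err) {
+ errors.push(err);
+ }
+ }
+ switch (errors.length) {
+ case 0:
+ throw new errors_js_1.JwtVerifyError('No key matched', errors_js_1.ERR_JWKS_NO_MATCHING_KEY);
+ case 1:
+ throw errors_js_1.JwtVerifyError.from(errors[0], errors_js_1.ERR_JWT_INVALID);
+ default:
+ throw errors_js_1.JwtVerifyError.from(errors, errors_js_1.ERR_JWT_INVALID);
+ }
+ }
+ },
+ (() => {
+ const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
+ __esDecorate(_a, null, _get_signAlgorithms_decorators, { kind: "getter", name: "signAlgorithms", static: false, private: false, access: { has: obj => "signAlgorithms" in obj, get: obj => obj.signAlgorithms }, metadata: _metadata }, null, _instanceExtraInitializers);
+ __esDecorate(_a, null, _get_publicJwks_decorators, { kind: "getter", name: "publicJwks", static: false, private: false, access: { has: obj => "publicJwks" in obj, get: obj => obj.publicJwks }, metadata: _metadata }, null, _instanceExtraInitializers);
+ __esDecorate(_a, null, _get_privateJwks_decorators, { kind: "getter", name: "privateJwks", static: false, private: false, access: { has: obj => "privateJwks" in obj, get: obj => obj.privateJwks }, metadata: _metadata }, null, _instanceExtraInitializers);
+ if (_metadata) Object.defineProperty(_a, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+ })(),
+ _a;
+ })();
+ exports.Keyset = Keyset;
+ //# sourceMappingURL=keyset.js.map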
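Review bot: In `verifyJwt`, the loop `for (const key of this.list({ kid, alg }))` picks its candidate keys from the header returned by `unsafeDecodeJwt`, that is, from data no signature has covered yet, and it passes no `use`, whereas `createJwt` goes through `findKey` with `use: 'sig'`. As `list` is written, a token without a `kid` is tried against every key that lists the header's `alg`, keys whose `use` is something other than `'sig'` are tried as well, and an `alg` that is neither a string nor an array would skip the algorithm filter altogether unless `unsafeDecodeJwt` validates the header shape, which this file does not show. Whether `key.verifyJwt` pins the accepted algorithm to the key's own set is also outside this file, so I would narrow the selection here: make `if (key.use && key.use !== 'sig') continue;` the first statement of the loop, and throw a `JwtVerifyError` with `ERR_JWT_INVALID` before the loop when `typeof alg !== 'string'`. Separately, the `findKey` error text reads `No singing key found for` and should say `No signing key found for`. This file is compiler output, so both changes belong in `src/keyset.ts`, which the source map names as its origin.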
@@ -0,0 +1 @@
1
+ {"version":3,"file":"keyset.js","sourceRoot":"","sources":["../src/keyset.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAOoB;AAGpB,mDAAiD;AAIjD,uCAMkB;AAelB,MAAM,iBAAiB,GAAG,CAAC,GAAQ,EAAmB,EAAE,CAAC,GAAG,CAAC,UAAU,CAAA;AACvE,MAAM,gBAAgB,GAAG,CAAC,GAAQ,EAAmB,EAAE,CAAC,GAAG,CAAC,SAAS,CAAA;IAExD,MAAM;;;;;;sBAAN,MAAM;YAGjB,YACE,QAAgD;YAChD;;;;eAIG;YACa,6BAAgD,QAAQ;gBACxE,EAAM;gBACJ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,0BAA0B,CAAC;gBAC1C,CAAC,CAAC;oBACE,mCAAmC;oBACnC,OAAO;oBACP,QAAQ;oBACR,OAAO;oBACP,4DAA4D;oBAC5D,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;iBACR;gBAfL;;;;4BAVS,mDAAM,EAUC,0BAA0B;mBAerC;gBAxBU;;;;;mBAAkB;gBA0BjC,MAAM,IAAI,GAAQ,EAAE,CAAA;gBAEpB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;gBAC9B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;oBAC3B,IAAI,CAAC,GAAG;wBAAE,SAAQ;oBAElB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAEd,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;wBACZ,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;4BAAE,MAAM,IAAI,oBAAQ,CAAC,kBAAkB,GAAG,CAAC,GAAG,EAAE,CAAC,CAAA;;4BACjE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;oBACxB,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACjC,CAAC;YAGD,IAAI,cAAc;gBAChB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAA;gBACpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK;wBAAE,SAAQ;oBAC/B,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;wBACjC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;oBACrB,CAAC;gBACH,CAAC;gBACD,OAAO,MAAM,CAAC,MAAM,CAClB,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CACzE,CAAA;YACH,CAAC;YAGD,IAAI,UAAU;gBACZ,OAAO;oBACL,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC,MAAM,CAAC,mBAAS,CAAC;iBAC3D,CAAA;YACH,CAAC;YAGD,IAAI,WAAW;gBACb,OAAO;oBACL,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC,MAAM,CAAC,mBAAS,CAAC;iBAC5D,CAAA;YACH,CAAC;YAED,GAAG,CAAC,GAAW;gBACb,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,CAAC,CAAA;YACjD,CAAC;YAED,GAAG,CAAC,MAAiB;gBACnB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC
,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;oBACpC,OAAO,GAAG,CAAA;gBACZ,CAAC;gBAED,MAAM,IAAI,oBAAQ,CAChB,iBAAiB,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,IAAI,WAAW,EAAE,EAC1D,6BAAiB,CAClB,CAAA;YACH,CAAC;YAED,CAAC,IAAI,CAAC,MAAiB;gBACrB,mEAAmE;gBACnE,IAAI,MAAM,CAAC,GAAG,EAAE,MAAM,KAAK,CAAC;oBAAE,OAAM;gBACpC,IAAI,MAAM,CAAC,GAAG,EAAE,MAAM,KAAK,CAAC;oBAAE,OAAM;gBAEpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,IAAI,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG;wBAAE,SAAQ;oBAElD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC9B,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;4BAAE,SAAQ;oBACzD,CAAC;yBAAM,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;wBACtB,IAAI,GAAG,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG;4BAAE,SAAQ;oBACtC,CAAC;oBAED,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC9B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;4BAAE,SAAQ;oBACnE,CAAC;yBAAM,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;wBAC1C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC;4BAAE,SAAQ;oBACpD,CAAC;oBAED,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;YAED,OAAO,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAa;gBAClC,MAAM,YAAY,GAAU,EAAE,CAAA;gBAE9B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;oBAC/C,oBAAoB;oBACpB,IAAI,CAAC,GAAG,CAAC,SAAS;wBAAE,SAAQ;oBAE5B,oDAAoD;oBACpD,IAAI,OAAO,GAAG,KAAK,QAAQ;wBAAE,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;oBAE9C,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACxB,CAAC;gBAED,MAAM,YAAY,GAAG,IAAA,oBAAU,EAAC,GAAG,CAAC,CAAA;gBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CACjC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAU,CAC7D,CAAA;gBAED,oEAAoE;gBACpE,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,0BAA0B,EAAE,CAAC;oBACtD,KAAK,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,IAAI,UAAU,EAAE,CAAC;wBACrD,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC;4BAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;oBACnE,CAAC;gBACH,CAAC;gBAED,uBAAuB;gBACvB,KAAK,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,IAAI,UAAU,EAAE,C
AAC;oBACrD,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;wBAC/B,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAA;oBAC3B,CAAC;gBACH,CAAC;gBAED,MAAM,IAAI,oBAAQ,CAChB,4BAA4B,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,WAAW,EAAE,EAC9D,6BAAiB,CAClB,CAAA;YACH,CAAC;YAED,oCAzGC,sBAAY,iCAcZ,sBAAY,kCAOZ,sBAAY,GAoFZ,MAAM,CAAC,QAAQ,EAAC;gBACf,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAA;YAC3B,CAAC;YAED,KAAK,CAAC,SAAS,CACb,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,EAAiB,EAClD,OAAsC;gBAEtC,IAAI,CAAC;oBACH,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAA;oBACrE,MAAM,eAAe,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAA;oBAExD,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;wBAClC,OAAO,GAAG,MAAM,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,CAAA;oBAC/C,CAAC;oBAED,OAAO,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,OAAO,CAAC,CAAA;gBACtD,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,0BAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAChC,CAAC;YACH,CAAC;YAED,KAAK,CAAC,SAAS,CAIb,KAAgB,EAChB,OAA0B;gBAE1B,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,+BAAe,EAAC,KAAK,CAAC,CAAA;gBACzC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,CAAA;gBAE3B,MAAM,MAAM,GAAc,EAAE,CAAA;gBAE5B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;oBAC1C,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,CAAO,KAAK,EAAE,OAAO,CAAC,CAAA;wBACxD,OAAO,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,CAAA;oBAC3B,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAClB,CAAC;gBACH,CAAC;gBAED,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;oBACtB,KAAK,CAAC;wBACJ,MAAM,IAAI,0BAAc,CAAC,gBAAgB,EAAE,oCAAwB,CAAC,CAAA;oBACtE,KAAK,CAAC;wBACJ,MAAM,0BAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,2BAAe,CAAC,CAAA;oBACvD;wBACE,MAAM,0BAAc,CAAC,IAAI,CAAC,MAAM,EAAE,2BAAe,CAAC,CAAA;gBACtD,CAAC;YACH,CAAC;;;;YA3JD,+LAAI,cAAc,6DAWjB;YAGD,mLAAI,UAAU,6DAIb;YAGD,sLAAI,WAAW,6DAId;;;;;AAtEU,wBAAM"}